ClawHub

Webhook

v1.0.0

Implement secure webhook receivers and senders with proper verification and reliability.

3· 3.4k·25 current·26 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md content: the document contains best-practice guidance for receiving, verifying, deduplicating, and sending webhooks. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
Instructions stay within webhook design and operational concerns (signature verification, replay prevention, idempotency, retries, logging). They recommend storing event IDs, logging payloads, and using databases/Redis — this is appropriate for the stated purpose, but implementers must ensure logs and stored payloads are redacted/secured as the doc itself notes.
Install Mechanism
No install spec or code files are present (instruction-only). This is the lowest-risk approach — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance mentions secrets and databases as expected implementation details but does not request access to any credentials, which is proportionate.
Persistence & Privilege
always:false and normal model invocation are used. The skill does not request persistent system presence or modify other skills or system settings.
Assessment
This skill is a set of developer best practices — it itself does nothing and doesn't ask for credentials or install code. It's safe to read and use as guidance. If you implement these recommendations in your code, be careful to: (1) store webhook secrets and processed-event IDs securely (e.g., protected DB/Redis), (2) redact sensitive fields before logging, (3) limit log retention and access, and (4) validate any third-party IP allowlist/rotation flows before trusting them. Because the skill is instruction-only, there is low inherent risk; review any code you write based on these instructions for secure handling of secrets and logs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dv0gwn0jx7kdegbcvz0hqdd80w6hv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪝 Clawdis
OSLinux · macOS · Windows

Comments